Facebook data of about 540 million users are exposed, containing passwords, account names, user IDs, comments and more. Researchers from a cyber-security firm named UpGaurd discovered the existence of two publicly accessible datasets containing the personal data of hundreds of millions of Facebook users. The datasets were stored in an unsecured Amazon S3 buckets and could be accessed by anyone around the world.
UpGuard in a blog post connected the leaked databases to a Mexico-based media company called Cultura Colectiva. The data set contains the 146GB record of 540 million Facebook users, including comments, likes, passwords, user IDs and much more.
Last month Facebook itself admitted that they stored passwords of hundreds of millions of users’ on their internal servers and due to a security slip those passwords were visible to the company’s staff. And now the evidence clearly shows that Facebook also has no control over the data it shares with the third parties. It even has no control over where the data might end up or how secure it really is.
UpGuard also discovered another leak, which was connected to a Facebook-integrated “At the pool” app, which exposed around 22,000 passwords. UpGuard says that although these passwords are designated for “At the pool” app rather than user’s Facebook account, still it would those users at risk who have reused the same passwords on their actual accounts. It also contained the data related to the users’ likes, groups and the locations where they had checked in.
The data remained unsecured since January, the first time the leak was discovered by the UpGuard, and Facebook had no clue until tomorrow when Bloomberg contacted Facebook and notified them.
Facebook’s spokesperson said, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases, we are committed to working with the developers on our platform to protect people’s data”.
The spokesperson also said that the company is trying to find out the extent of information that was available and how much might have been impacted by the leak. This is the same assurance which the social media giant gave after the Cambridge Analytica scandal, where Facebook gave illegal access to the data of around 50 million Facebook accounts to the voter profiling company.
Mark Zuckerburg, the CEO of Facebook recently laid out which was focused on the privacy of the social network, but this and the previous data exposures show that he has little to none control over the security of the Facebook users.